Add secrets to addons.yaml too, since in different namespace

deitch · deitch · commit 83f53ce26197 · 2019-07-19T16:39:11.000+03:00
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ To deploy a cluster:
    * `cluster.yaml`
    * `machines.yaml`
    * `provider-components.yaml` - note that this file _will_ contain your secrets, specifically `PACKET_API_KEY`, to be loaded into the cluster
-   * `addons.yaml` 
+   * `addons.yaml` - note that this file _will_ contain your secrets, specifically `PACKET_API_KEY`, to be loaded into the cluster
 1. If desired, edit the following files:
    * `cluster.yaml` - to change parameters or settings, including network CIDRs
    * `machines.yaml` - to change parameters or settings, including machine types and quantity
@@ -68,6 +68,14 @@ Run `clusterctl create cluster --help` for more options, for example to use an e
 1. Deploy add-on components, e.g. the [packet cloud-controller-manager](https://github.com/packethost/packet-ccm) and the [packet cloud storage interface provider](https://github.com/packethost/csi-packet)
 1. If a new bootstrap cluster was created, terminate it
 
+#### About Those Secrets
+
+Notice that the API key is load into _two_ separate files, `provider-components.yaml` and `addons.yaml`. This is unfortunately necessary.
+
+* `provider-components.yaml` - needs the secret to run the `manager` that creates and destroys nodes.
+* `addons.yaml` - needs the secret to run the Packet cloud controller manager.
+
+Each of these runs in a distinct namespace, which means that each needs it in a separate kubernetes `Secret`. In the future, we may merge the namespaces or, more likely, create an authentication service that gives out credentials.
 
 ### Deploying Manually
 
diff --git a/cmd/clusterctl/examples/packet/addons.yaml.template b/cmd/clusterctl/examples/packet/addons.yaml.template
@@ -150,25 +150,12 @@ subjects:
   name: cloud-controller-manager
   namespace: kube-system
 ---
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: standard
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-provisioner: kubernetes.io/gce-pd
-parameters:
-  type: pd-standard
----
 apiVersion: v1
-kind: ConfigMap
+kind: Secret
 metadata:
-  name: ingress-controller-config
+  name: cluster-api-provider-packet-credentials
   namespace: kube-system
-data:
-  gce.conf: |
-    [global]
-    token-url = nil
-    network = default
-    project-id = $GCLOUD_PROJECT
-    node-tags = $CLUSTER_NAME-worker
+stringData:
+  apiKey: "$PACKET_API_KEY"
+  projectID: "$PACKET_PROJECT_ID"
+type: Opaque
diff --git a/generate-yaml.sh b/generate-yaml.sh
@@ -163,6 +163,8 @@ cat $CLUSTER_TEMPLATE_FILE \
 
 cat $ADDON_TEMPLATE_FILE \
   | sed -e "s/\$CLUSTER_NAME/$CLUSTER_NAME/" \
+  | sed -e "s/\$PACKET_PROJECT_ID/$PACKET_PROJECT_ID/" \
+  | sed -e "s/\$PACKET_API_KEY/$PACKET_API_KEY/" \
   > $ADDON_GENERATED_FILE
 
 echo -e "\nYour cluster name is '${CLUSTER_NAME}'"
